Vulnerabilities / Threats
3/25/2010
05:04 PM
50%
50%

CEOs Paying Attention To Security, Study Says

CIO is the person most frequently held responsible for data protection, Ponemon survey says

Top-level executives are beginning to grasp the importance of security, according to a study published today.

Eighty-one percent of C-level executives think that investing in a security strategy can greatly reduce or mitigate the risk of data loss or theft, according to the survey of 115 C-level executives in the U.K. conducted by Ponemon Institute and sponsored by IBM.

"In the face of growing security threats, business leaders are finally recognizing that a strong data protection strategy plays a critical role to their bottom line," says Dr. Larry Ponemon, chairman and founder of Ponemon Institute. "Today, C-level executives believe the cost savings from investing in a data protection program is substantially higher than the estimated value of recovering from a breach."

Seventy-seven percent of C-level executives reported that their organizations have experienced a data breach at some point, while all respondents disclosed that they have had their data attacked in the past 12 months. Seventy-six percent think that reducing potential security flaws within business-critical applications is the most important aspect of their data protection programs.

C-level executives believe good data protection practices can support important organizational goals, such as compliance, reputation management, and customer trust. Only a small percentage of the CEOs surveyed, just 18 percent, are very confident that their organizations will not suffer a data breach within the next year.

Executives in the study estimated the average data breach cost per compromised record at about $250. CEOs estimated that cost to be closer to $300 per compromised record.

Three-quarters of respondents reported that one person is considered to be in charge of data protection for their organizations. That person is considered by most to be the CIO -- especially by the CEO.

More than half (51 percent) of C-level executives believe the purpose of data protection programs is to increase brand or marketplace image.

"We are witnessing C-level executives implement security strategies at a much higher rate than ever before," said Daniel Sabbah, general manager of IBM Rational.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.